Nortel VPN Router Installation and Upgrade — Client Software

If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Netw

324662-A Rev 01

13 October 2008Document status: Standard

600 Technology Park DriveBillerica, MA 01821-4130

Nortel VPN Router Installation and Upgrade — Client Soft-

ware

Copyright © 2008 Nortel Networks All rights reserved.

The information in this document is subject to change without notice The statements, configurations, technical data, and recommendations in this document are believed to be accurate and reliable, but are presented without express or implied warranty Users must take full responsibility for their applications of any products specified in this document The information in this document is proprietary to Nortel Networks

The software described in this document is furnished under a license agreement and may be used only in accordance with the terms of that license The software license agreement is included in this document

Trademarks

Nortel, the Nortel logo, and the Globemark are trademarks of Nortel Networks

Adobe and Acrobat Reader are trademarks of Adobe Systems Incorporated

Entrust is a trademark of Entrust Technologies Inc

Microsoft and Windows are trademarks of Microsoft Corporation

Netscape and Netscape Navigator are trademarks of Netscape Communications Corporation

SecurID is a trademark of RSA Security Inc

All other trademarks are the property of their respective owners

Restricted rights legend

Use, duplication, or disclosure by the United States Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013

Notwithstanding any other license agreement that may pertain to, or accompany the delivery of, this computer software, the rights of the United States Government regarding its use, reproduction, and disclosure are as set forth in the Commercial Computer Software-Restricted Rights clause at FAR 52.227-19

by the University of California, Berkeley The name of the University may not be used to endorse or promote products derived from such portions of the software without specific prior written permission

SUCH PORTIONS OF THE SOFTWARE ARE PROVIDED “AS IS” AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF

MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

In addition, the program and information contained herein are licensed only pursuant to a license agreement that contains restrictions on use and disclosure (that may incorporate by reference certain limitations and notices imposed by third parties)

Nortel Networks Inc software license agreement

This Software License Agreement (“License Agreement”) is between you, the end-user (“Customer”) and Nortel Networks Corporation and its subsidiaries and affiliates (“Nortel Networks”) PLEASE READ THE FOLLOWING CAREFULLY YOU MUST ACCEPT THESE LICENSE TERMS IN ORDER TO DOWNLOAD AND/OR USE THE SOFTWARE USE OF THE SOFTWARE CONSTITUTES YOUR ACCEPTANCE OF THIS LICENSE

AGREEMENT If you do not accept these terms and conditions, return the Software, unused and in the original shipping container, within 30 days of purchase to obtain a credit for the full purchase price

“Software” is owned or licensed by Nortel Networks, its parent or one of its subsidiaries or affiliates, and is copyrighted and licensed, not sold Software consists of machine-readable instructions, its components, data, audio-visual content (such as images, text, recordings or pictures) and related licensed materials including all whole or partial copies Nortel Networks grants you a license to use the Software only in the country where you acquired the Software You obtain no rights other than those granted to you under this License Agreement You are responsible for the selection of the Software and for the installation of, use of, and results obtained from the Software

1 Licensed Use of Software Nortel Networks grants Customer a nonexclusive license to use a copy of the Software

on only one machine at any one time or to the extent of the activation or authorized usage level, whichever is applicable

To the extent Software is furnished for use with designated hardware or Customer furnished equipment (“CFE”), Customer is granted a nonexclusive license to use Software only on such hardware or CFE, as applicable Software contains trade secrets and Customer agrees to treat Software as confidential information using the same care and discretion Customer uses with its own similar information that it does not wish to disclose, publish or disseminate Customer will ensure that anyone who uses the Software does so only in compliance with the terms of this Agreement Customer shall not a) use, copy, modify, transfer or distribute the Software except as expressly authorized; b) reverse assemble, reverse compile, reverse engineer or otherwise translate the Software; c) create derivative works or

modifications unless expressly authorized; or d) sublicense, rent or lease the Software Licensors of intellectual property

to Nortel Networks are beneficiaries of this provision Upon termination or breach of the license by Customer or in the event designated hardware or CFE is no longer in use, Customer will promptly return the Software to Nortel Networks or certify its destruction Nortel Networks may audit by remote polling or other reasonable means to determine Customer’s Software activation or usage levels If suppliers of third party software included in Software require Nortel Networks to include additional or different terms, Customer agrees to abide by such terms provided by Nortel Networks with respect

to such third party software

2 Warranty Except as may be otherwise expressly agreed to in writing between Nortel Networks and Customer,

Software is provided “AS IS” without any warranties (conditions) of any kind NORTEL NETWORKS DISCLAIMS ALL WARRANTIES (CONDITIONS) FOR THE SOFTWARE, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE AND ANY WARRANTY OF NON-INFRINGEMENT Nortel Networks is not obligated to provide support of any kind for the Software Some jurisdictions do not allow exclusion of implied warranties, and, in such event, the above exclusions may not apply

3 Limitation of Remedies IN NO EVENT SHALL NORTEL NETWORKS OR ITS AGENTS OR SUPPLIERS BE

LIABLE FOR ANY OF THE FOLLOWING: a) DAMAGES BASED ON ANY THIRD PARTY CLAIM; b) LOSS OF,

OR DAMAGE TO, CUSTOMER’S RECORDS, FILES OR DATA; OR c) DIRECT, INDIRECT, SPECIAL,

INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES (INCLUDING LOST PROFITS OR SAVINGS), WHETHER IN CONTRACT, TORT OR OTHERWISE (INCLUDING NEGLIGENCE) ARISING OUT OF YOUR USE OF THE SOFTWARE, EVEN IF NORTEL NETWORKS, ITS AGENTS OR SUPPLIERS HAVE BEEN ADVISED OF THEIR POSSIBILITY The forgoing limitations of remedies also apply to any developer and/or supplier

of the Software Such developer and/or supplier is an intended beneficiary of this Section Some jurisdictions do not allow these limitations or exclusions and, in such event, they may not apply

4 General

a If Customer is the United States Government, the following paragraph shall apply: All Nortel Networks Software available under this License Agreement is commercial computer software and commercial computer software documentation and, in the event Software is licensed for or on behalf of the United States

Government, the respective rights to the software and software documentation are governed by Nortel Networks standard commercial license in accordance with U.S Federal Regulations at 48 C.F.R Sections 12.212 (for non-DoD entities) and 48 C.F.R 227.7202 (for DoD entities)

b Customer may terminate the license at any time Nortel Networks may terminate the license if Customer fails

to comply with the terms and conditions of this license In either event, upon termination, Customer must either return the Software to Nortel Networks or certify its destruction

c Customer is responsible for payment of any taxes, including personal property taxes, resulting from

Customer’s use of the Software Customer agrees to comply with all applicable laws including all applicable export and import laws and regulations

d Neither party may bring an action, regardless of form, more than two years after the cause of the action arose

e The terms and conditions of this License Agreement form the complete and exclusive agreement between Customer and Nortel Networks

f This License Agreement is governed by the laws of the country in which Customer acquires the Software If the Software is acquired in the United States, then this License Agreement is governed by the laws of the state

of New York

Preface 7

Before you begin 7

Text conventions 8

Related publications 10

Printed technical manuals 11

How to get help 11

Finding the latest updates on the Nortel Web site 12

Getting help from the Nortel Web site 13

Getting help over the phone from a Nortel Solutions Center 13

Getting help from a specialist by using an Express Routing Code 13

Getting help through a Nortel distributor or reseller 14

New in this release 15

Chapter 1 Nortel VPN Client installation 17

Navigation 17

Upgrade fundamentals 17

Upgrade from legacy versions 17

Profile preservation 18

Option settings preservation 18

MSI kit 19

MSI installation modes 19

Basic installation 19

Installing the Nortel VPN Client as an application 20

Installing the Nortel VPN Client as an NT Service 20

Installing the Nortel VPN Client as an NT Service with NNGINA 22

Custom installation 23

Modifying the custom installation 23

Change the installer parameters 24

Replace installer files 24

Files, icons, and bitmaps 25

Appendix A 27

Microsoft Windows Installer command line options 27

Custom installation parameters 30

Index 37

This guide provides the information to install or upgrade the Nortel Virtual Private Network (VPN) Client

Before you begin

This guide is intended for network managers who configure and maintain Nortel VPN Client software for the Nortel VPN Router This guide is based on the assumption that you have experience with window systems or graphical user interfaces (GUI) and that you are familiar with network management

The minimum PC requirements for the Nortel VPN Client are:

• Windows 2000, Windows XP

• 200 megahertz (MHz) Pentium

• 64 megabyte (Mbyte) memory

• 10 Mbyte free hard disk space

For more information about the configuration and maintenance of the Nortel VPN

Router, see Nortel VPN Router Configuration—Basic Features (NN46110-500).

Text conventions

This guide uses the following text conventions.

angle brackets (< >) Indicates that you choose the text to enter based on the

description inside the brackets Do not type the brackets when you enter the command.

Example: If the command syntax is

ping <ip_address>, you enter

ping 192.32.10.12 bold Courier text Indicates command names and options and text that

you need to enter.

Example: Use the show health command

Example: Enter terminal paging {off | on} braces ({}) Indicates required elements in syntax descriptions

where more than one option exists You must choose only one option Do not type the braces when you enter the command.

Example: If the command syntax is ldap-server

either ldap-server source externalor

brackets ([ ]) Indicates optional elements in syntax descriptions Do

not type the brackets when you enter the command Example: If the command syntax is

show ntp [associations], you can enter either show ntp orshow ntp associations

Example: If the command syntax is default rsvp [token-bucket {depth | rate}], you can enter

ellipsis points ( .) Indicates that you repeat the last element of the

command as needed.

Example: If the command syntax is

more diskn:<directory>/ <file_name>, you enter more and the fully qualified file name.

italic text Indicates new terms, book titles, and variables in

command syntax descriptions If a variable is two or more words, an underscore connects the words.

Example: If the command syntax is

ping <ip_address>, ip_address is one variable and so you substitute only one value.

plain Courier

text

Indicates system output, for example, prompts and system messages.

Example: File not found

separator ( , ) Shows menu paths

Example: Select Status, Health Check

vertical line ( | ) Separates choices for command keywords and

arguments Enter only one choice Do not type the vertical line when you enter the command.

Example: If the command syntax is

terminal paging {off | on}, you enter either

on, but not both.

• Nortel VPN Client Configuration—Client (NN46110-306) provides

information to install and configure client software for the VPN Client

• Nortel VPN Client Configuration—TunnelGuard (NN46110-307) provides

information to configure and use the TunnelGuard feature.

information to upgrade the server software to the most recent release.

• Nortel VPN Client Configuration—Basic Features (NN46110-500) introduces

the product and provides information about initial setup and configuration.

• Nortel VPN Client Configuration—SSL VPN Services (NN46110-501)

provides instructions to configure services on the SSL VPN Module 1000, which includes authentication, networks, user groups, and portal links.

provides configuration information for advanced features such as the Point-to-Point Protocol (PPP), Frame Relay, and interoperability with other vendors.

• Nortel VPN Client Configuration—Tunneling Protocols (NN46110-503)

provides information for the tunneling protocols IPsec, Layer 2 Tunneling Protocol (L2TP), Point-to-Point Tunneling Protocol (PPTP), and Layer 2 Forwarding (L2F).

• Nortel VPN Client Configuration—Routing (NN46110-504) provides the

configuration information for Border Gateway Protocol (BGP), Routing Information Protocol (RIP), Open Shortest Path First (OSPF), Virtual Router Redundancy Protocol (VRRP), Equal Cost Multipath (ECMP), routing policy services, and client address redistribution (CAR).

• Nortel VPN Client Using the Command Line Interface (NN46110-507)

provides syntax, descriptions, and examples for the commands that you can use from the command line interface (CLI).

• Nortel VPN Client Configuration—Firewalls, Filters, NAT, and QoS

(NN46110-508) provides instructions to configure the Stateful Firewall and VPN Client interface and tunnel filters.

• Nortel VPN Client Security— Servers, Authentication, and Certificates

(NN46110-600) provides configuration information for authentication services and digital certificates.

• Nortel VPN Client Troubleshooting—Server (NN46110-602) provides

information about system administrator tasks such as recovery, and instructions to monitor VPN Router status and performance This document also provides troubleshooting information and event log messages.

• Nortel VPN Router Administration (NN46110-603) provides information

about system administrator tasks such as backups, file management, serial connections, initial passwords, and general network management functions.

• Nortel VPN Client Troubleshooting—Client (NN46110-700) provides

information to troubleshoot installation and connectivity problems with the Nortel VPN Client

Printed technical manuals

To print selected technical manuals and release notes free, directly from the Internet, go to www.nortel.com/documentation Find the product for which you need documentation, and then locate the specific category and model or version for your hardware or software product Use Adobe Reader to open the manuals and release notes, search for the sections you need, and then you can print them on most standard printers Go to the Adobe Systems Web site at www.adobe.com to download a free copy of the Adobe Reader.

How to get help

This section explains how to get help for Nortel products and services.

Finding the latest updates on the Nortel Web site

The content of this documentation is current at the time the product is released To check for updates to the latest documentation and software for VPN Client, click one of the following links:

Most recent software Nortel page for Nortel VPN Client software

located at:

support.nortel.com/go/

main.jsp?cscat=SOFTWARE&poid=10621

Most recent documentation

Nortel page for Nortel VPN Client documentation

located at:

support.nortel.com/go/

main.jsp?cscat=DOCUMENTATION&poid=10621

Getting help from the Nortel Web site

The best way to get technical support for Nortel products is from the Nortel Technical Support Web site:

www.nortel.com/support

This site provides quick access to software, documentation, bulletins, and tools to address issues with Nortel products From this site, you can

• download software, documentation, and product bulletins

• search the Technical Support Web site and the Nortel Knowledge Base for answers to technical issues

• sign up for automatic notification of new software and documentation for Nortel equipment

• open and manage technical support cases

Getting help over the phone from a Nortel Solutions Center

If you do not find the information you require on the Nortel Technical Support Web site, and you have a Nortel support contract, you can also get help over the phone from a Nortel Solutions Center.

In North America, call 1-800-4NORTEL (1-800-466-7835).

Outside North America, go to the following Web site to obtain the phone number for your region:

www.nortel.com/erc

Getting help through a Nortel distributor or reseller

If you purchased a service contract for your Nortel product from a distributor or authorized reseller, contact the technical support staff for that distributor or reseller.

New in this release

The Nortel VPN Router Installation and Upgrade — Client Software Release 8.01

(NN46110-409) for Release 8.01 has no new features.

Chapter 1

Nortel VPN Client installation

This chapter provides the information and procedures you need to install the Nortel Virtual Private Network (Nortel VPN) Microsoft Windows XP and Windows 2000 systems.

Navigation

• “Upgrade fundamentals” on page 17

• “Basic installation” on page 19

• “Custom installation” on page 23

Upgrade fundamentals

This section includes the following topics:

• “Upgrade from legacy versions” on page 17

• “MSI kit” on page 19

• “MSI installation modes” on page 19

Upgrade from legacy versions

Nortel VPN Client uses Microsoft Windows Installer (MSI) to install the software

on your computer.

If MSI detects legacy versions of Nortel VPN Client or Contivity VPN Client, it uninstalls the legacy version before it installs the new version After the legacy version is uninstalled, you must reboot the computer After you reboot the computer, the Nortel VPN Client MSI continues, and you can complete the procedure steps identified in this guide.

Profile preservation

By default, MSI preserves profiles when you perform an upgrade If you perform

a custom installation with a kit that includes a custom profile.dat file, MSI overwrites existing profiles

To preserve profiles when you perform a custom installation with a kit that includes a custom profile.dat file, configure the install parameter

NN_KEEP_OLD_PROFILES to 1 The default is 0

“Profile preservation” on page 18 shows scenarios for profile preservation

Option settings preservation

By default, MSI does not preserve application configuration settings when you perform an upgrade To preserve application configuration settings when you perform an upgrade, configure the install parameter

NN_KEEP_OLD_CONFIGURATIONS to 1 The default is 0

Table 1 Profile preservation

Installation kit NN_KEEP_OLD_PROFILES=0 NN_KEEP_OLD_PROFILES=1

The new kit does not

contain a custom

profile.dat file

The profile.dat file is preserved The profile.dat file is preserved

The new kit contains a

custom profile.dat file

The custom profile.dat file overwrites the profile.dat file after upgrade

The profile.dat file is preserved The custom profile.dat file bundled with new kit is not installed

Note: Application configuration settings are settings that are not stored

in the connection profile.

MSI kit

The three types of MSI kits are:

• Standard—the Standard kit is a single NVCSetup.exe file in compressed, self-extracting format This file contains the MSI launcher and MSI database The Standard kit does not include the MSI engine You must download the MSI engine from the Web and install it on your system before you install the Nortel VPN Client

• Standard with MSI engine—the Standard with MSI engine kit is a single NVCSetup_WithMSI.exe file in compressed, self-extracting format This file contains the MSI launcher, MSI database, and MSI engine Version 3.1

• Custom—the Custom kit is an uncompressed version of the Standard with MSI kit To customize the kit, you can use command line parameters to replace contents in the target paths and edit the MSI database

MSI installation modes

You can install MSI in the following modes:

• GUI mode—a wizard guides you through the installation.

• Silent mode—the executable program, Msiexec.exe, interprets packages and installs products You use command line parameters to run the program For more information about command line parameters, see “Microsoft Windows Installer command line options” on page 27

Basic installation

Choose one of the following procedures to perform a basic installation:

• “Installing the Nortel VPN Client as an application” on page 20

• “Installing the Nortel VPN Client as an NT Service” on page 20

• “Installing the Nortel VPN Client as an NT Service with NNGINA” on page 22